Connecting the Dots: What Behavior Can Tell You About IoT, Malicious Insiders, and Ransomware

Change is constant. Technology evolves exponentially, but did you know that people’s behavior patterns tend to not change much? That’s what makes behavioral analytics so interesting. By studying the behavior of people and machines, you are able to get visibility into what’s happening in your organization. And when you understand that baseline of what’s normal, you can layer on perspectives of what behavior may actually pose a risk to your organization. This means that you can discover new, targeted, unknown threats in real-time.

We’re excited to be hosting a webinar event in which John Pescatore, director of emerging security trends at SANS, will discuss the impact of behavioral analytics with Matt Rodgers, head of strategy at E8 Security. They’ll tell real-life stories from E8 customers and follow it up with a demo of the Fusion Platform.

Here’s a sneak preview of the stories:

IoT: What happens when your office’s “smart” vending machines call out to servers off network using your guest wifi? We know they’re trying to keep track of inventory, conduct real-time test marketing, and monitor trends and drinking preferences, but it looks suspiciously like a sneaky command-and-control callout.

Insider threat: For one of our customers, E8 was able to predict that an employee was going to resign before he submitted his resignation. Our platform detected him connecting to files he had access to, but hadn’t downloaded before. That, combined with spikes in his overall download activity, raised a red flag. Because of the intelligence gathered from his behavior, the SOC team was able to confiscate the USB he downloaded all that sensitive (and proprietary!) info onto, before he left the building. He turned in resignation eight days after the Fusion Platform detected this activity.

Ransomware: Behavioral analytics can identify known and unknown processes running on endpoints without the use of signatures or sandboxing techniques. So when WannaCry hit, E8’s customers could use the Fusion Platform to link together individual actions that appeared legitimate when investigated individually, but were actually connected in a targeted campaign.

Want to hear more about these stories and others? Join us on 8/24 at 10AM PST. If you can’t make it at that time, register anyway — we’ll send a recording afterwards, so you can watch it on your own schedule.